SAN FRANCISCO
Officials in the U.S. warned Apple users Thursday about a vulnerability in the company’s iOS mobile operating system that could open up devices to hackers prowling for personal information.
The technique is called “Masque Attack.” Hackers fool iPhone and iPad users into downloading malware instead of a legitimate app from the Apple App Store.
The National Cybersecurity and Communications Integration Center and the U.S. Computer Emergency Readiness Team posted the online warning.
“This attack works by luring users to install an app from a source other than the iOS App Store or their organizations’ provisioning system,” according to the bulletin. “In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link.”
Once hackers have accessed the mobile device, they can pilfer login and other sensitive information such as banking or social media data. Hackers can also monitor the device’s use from afar.
The “Masque Attack” was discovered earlier this week by the FireEye security firm. It found that hackers could trick victims into downloading fake apps with titles like “New Flappy Bird.”
“This technique takes advantage of a security weakness that allows an untrusted app – with the same ‘bundle identifier’ as that of a legitimate app – to replace the legitimate app on an affected device, while keeping all of the user’s data,” the government contends. “This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier.”
To avoid a “Masque Attack,” FireEye and the government team said users should only download apps from the Apple App Store. They also recommend that users don’t click “Install” on third-party pop-up advertisements when visiting a Web page.
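The weakness the bulletin describes, an app accepted under an existing bundle identifier without a matching signing certificate, can be checked for from the defender's side by comparing device app inventories over time. The following is an added example, not code from FireEye, the bulletin or this article; the inventory snapshots, field names and identifiers are constructed for illustration and do not follow any real device-management schema.

```python
# Constructed app-inventory snapshots for one managed device. The field names
# (bundle_id, team_id, source) are hypothetical, not a real MDM schema.
from typing import NamedTuple


class App(NamedTuple):
    bundle_id: str
    team_id: str   # stands in for the identity of the signing certificate
    source: str    # "app_store", "enterprise" (org provisioning) or "unknown"


BEFORE = [
    App("com.example.bank", "TEAMBANK01", "app_store"),
    App("com.example.mail", "TEAMMAIL01", "app_store"),
    App("com.example.hr", "TEAMCORP01", "enterprise"),
]
AFTER = [
    App("com.example.bank", "TEAMXXXX99", "unknown"),    # same id, new signer
    App("com.example.mail", "TEAMMAIL01", "app_store"),  # unchanged
    App("com.example.hr", "TEAMCORP01", "enterprise"),   # unchanged
    App("com.example.game", "TEAMGAME01", "unknown"),    # new, untrusted source
]
TRUSTED_SOURCES = {"app_store", "enterprise"}


def audit(before, after):
    """Return (bundle_id, finding) pairs for changes between two snapshots."""
    known = {app.bundle_id: app for app in before}
    findings = []
    for app in after:
        prev = known.get(app.bundle_id)
        if prev is not None and prev.team_id != app.team_id:
            # The check the bulletin says iOS did not enforce: same bundle
            # identifier, different signing certificate.
            findings.append((app.bundle_id, "signer_changed"))
        elif app.source not in TRUSTED_SOURCES:
            # Installed from outside the App Store or org provisioning.
            findings.append((app.bundle_id, "untrusted_source"))
    return findings


if __name__ == "__main__":
    for bundle_id, finding in audit(BEFORE, AFTER):
        print(f"{bundle_id}: {finding}")
```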
Apple has not yet commented on the vulnerability.
www.aa.com.tr/en